Why using stunnel via NAT only?

Started by 8191, August 02, 2020, 09:24:11 AM

Hi,

The stunnel documentation, as well as the GUI help on the plugin's configuration, mentions that it's safest to bind stunnel to localhost only and use NAT to forward traffic to stunnel. On the other hand, the online help for NAT mentions that NAT should not be used as a security measure.

So my question would be:
Why does the author of the stunnel plugin consider binding to a loopback address more secure than binding to the interface address, which is protected by pf anyway?

Thanks and BR
Manuel

The lo0 interface will not go down so a network outage or IP address renew will not crash the daemon. If you have a static IP and a stable connection, it should not make a difference.
The alternative is to bind to all IP addresses with 0.0.0.0 and ::

Thanks for explanation! So the reason is more a stability issue than a security issue?
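As an added illustration of the two layouts discussed in this thread (not taken from the original posts or from the OPNsense stunnel plugin, which generates its configuration from the GUI), the fragments below show a direct bind to the interface address next to a loopback bind with a pf port forward in front of it. The interface name em0, the addresses 203.0.113.10 and 10.0.0.5, port 8443 and the certificate path are assumptions.

```conf
# ---- stunnel.conf, layout A: listen directly on the interface address ----
# Assumed: 203.0.113.10 is em0's address, 10.0.0.5:80 is the plain-HTTP backend.
# If em0 goes down or its address changes, this bind no longer matches anything.
[https-direct]
accept  = 203.0.113.10:8443
connect = 10.0.0.5:80
cert    = /usr/local/etc/stunnel/server.pem   # assumed path

# ---- stunnel.conf, layout B: listen on loopback only ----
# lo0 stays up regardless of the state of em0, so an outage or an address
# renewal on the interface does not affect the listener.
[https-via-nat]
accept  = 127.0.0.1:8443
connect = 10.0.0.5:80
cert    = /usr/local/etc/stunnel/server.pem   # assumed path

# ---- pf.conf fragment for layout B ----
# Redirect inbound TCP/8443 arriving on em0 to the loopback listener.
# "(em0)" is pf's interface-address syntax, so the rule follows address changes.
rdr pass on em0 inet proto tcp from any to (em0) port 8443 -> 127.0.0.1 port 8443
```

In layout B the only external path to the service is the rdr rule, so the pf rule set, not the stunnel bind address, decides who can reach the listener.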